CVE-2016-2047

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

Published: Jan 27, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-2047
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
mariadb / mariadb	10.0.0	10.0.23
mariadb / mariadb	10.1.0	10.1.10
mariadb / mariadb	5.5.20	5.5.47
oracle / linux	7	7.x
oracle / mysql	5.6.0	5.6.29.x
oracle / mysql	5.7.0	5.7.11.x
oracle / mysql	5.5.0	5.5.48.x
opensuse / leap	42.1	42.1.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	15.10	15.10.x
canonical / ubuntu_linux	14.04	14.04.x

Vulnerability Database

289,599

CVE-2016-2047